Markus Zapke-Gründemann wrote:
> 
> A few days ago I tried for the first time a subtree search starting at
> the root of an Active Directory on a Windows 2003 Server.

This returns no results (if authenticated). So there's no point trying
that. You should rather read namingContexts or defaultNamingContext from
rootDSE (base search) to determine the search root on a particular DC.

> Operations error
> 00000000: LdapErr: DSID-0C090627, comment: In order to perform this
> operation a successful bind must be completed on the connection.,
> data 0, vece

Then you tried to connect anonymously, which is prohibited in AD's
default configuration.

> Connecting and binding to the server is working flawlessly. Searching
> subtrees is working as well.

If you bind, everything which is possible in AD should work.

> I also did a test with the ldp client of the Microsoft Support Tools
> package[1], just to verify that all privileges are correct. With this
> client a search with the same filter from the root of the directory
> is working.

And what did the client return as results?

Maybe ldp.exe is using SASL/GSSAPI bind based on your Windows
workstation logon seamlessly without you taking notice of it. And maybe
ldp.exe also looks at defaultNamingContext in the rootDSE...

The best way to find out what a client really does is using Wireshark.

Ciao, Michael.
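
The approach described in this reply (bind first, read the search root from rootDSE with a base search, then run the subtree search below it), as an added python-ldap example that is not part of the original message. The function names, the sample rootDSE entry and the use of a simple bind are assumptions made for illustration.

```python
"""Bind, read the search root from rootDSE, then run the subtree search."""


def pick_search_base(rootdse_attrs):
    """Choose a search base from rootDSE attributes as python-ldap returns
    them: a dict mapping attribute name to a list of bytes values."""
    # LDAP attribute names are case-insensitive, so normalise the keys.
    attrs = {name.lower(): values for name, values in rootdse_attrs.items()}
    # Prefer defaultNamingContext; otherwise fall back to the first
    # namingContexts value (assumption: the caller accepts the first listed).
    for name in ("defaultnamingcontext", "namingcontexts"):
        values = [v.decode("utf-8") for v in attrs.get(name, []) if v]
        if values:
            return values[0]
    raise LookupError("rootDSE has no defaultNamingContext or namingContexts")


def search_from_default_context(uri, bind_dn, password, filterstr, attrlist=None):
    """Hypothetical helper: subtree search below the DC's own naming context
    instead of the empty root DN."""
    import ldap  # python-ldap; imported lazily so pick_search_base has no dependency

    conn = ldap.initialize(uri)
    try:
        # An unbound connection is what produced the "successful bind must be
        # completed" operations error quoted in the thread.
        conn.simple_bind_s(bind_dn, password)
        # A base-scope search on the empty DN reads rootDSE.
        rootdse = conn.search_s(
            "", ldap.SCOPE_BASE, "(objectClass=*)",
            ["defaultNamingContext", "namingContexts"],
        )
        base = pick_search_base(rootdse[0][1])
        results = conn.search_s(base, ldap.SCOPE_SUBTREE, filterstr, attrlist)
        # python-ldap reports search result references with dn None; skip them.
        return base, [(dn, entry) for dn, entry in results if dn is not None]
    finally:
        conn.unbind_s()


# Constructed rootDSE entry for illustration (not taken from the thread).
SAMPLE_ROOTDSE = {
    "defaultNamingContext": [b"DC=example,DC=com"],
    "namingContexts": [b"DC=example,DC=com", b"CN=Configuration,DC=example,DC=com"],
}

if __name__ == "__main__":
    print(pick_search_base(SAMPLE_ROOTDSE))
```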


_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev